SSH Reverse Tunnel – How to Configure SSH Reverse Tunnel from Config File

I'm looking for an ssh client config directive like LocalForward, which works as the -L CLI parameter, but for the -R parameter.

TL;DR full problem details

The data:

repoServer -> myComputer -> NAT -> stagingServer

I have a local git repository server that is not exposed to the internet and a remote staging server on which I have to deploy my repo.

To do so, I ssh into the remote stagingServer with a reverse socket.

Current configuration for myComputer:

File: ~/.ssh/config

Host StagingServer
  Hostname staging.acme.com
  User username
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/id_username
  ForwardAgent yes

on which I run:
ssh StagingServer -R 8022:repository.local:22

Current configuration for stagingServer:

File: ~/.ssh/config

Host repository
  Hostname localhost
  User git
  Port 8022
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/id_deployer

on which I can run:
git clone git@repository:myProject.git

And all works fine, but… finally

The question:

Is it possible to specify in the ssh client config file (~/.ssh/config) to open the reverse tunnel, so that I don't have to add -R 8022:repository.local:22?

Best Answer

Obviously what you are looking for is RemoteForward; you can find the specifics in the ssh_config documentation.

Documentation: https://linux.die.net/man/5/ssh_config (search for RemoteForward). It is self-explanatory.

RemoteForward

Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be [bind_address:]port and the second argument must be host:hostport. IPv6 addresses can be specified by enclosing addresses in square brackets or by using an alternative syntax: [bind_address/]port and host/hostport. Multiple forwardings may be specified, and additional forwardings can be given on the command line. Privileged ports can be forwarded only when logging in as root on the remote machine.

Then the configuration for myComputer becomes:

File: ~/.ssh/config

Host StagingServer
  Hostname staging.acme.com
  User username
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/id_username
  ForwardAgent yes
  RemoteForward 8022 repository.local:22
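
A small auditing helper for the RemoteForward syntax quoted above, as an added example that is not part of the original answer or of OpenSSH: it parses the first argument in both documented forms and notes entries that request a non-loopback listener or a privileged port. The function names and the demo-wide and demo-v6 host blocks are constructed for illustration.

```python
import re
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_listen(spec):
    """Split the first RemoteForward argument into (bind_address, port)."""
    if "/" in spec:        # alternative syntax: bind_address/port
        bind, port = spec.rsplit("/", 1)
    elif ":" in spec:      # bind_address:port, IPv6 bind address in [brackets]
        bind, port = spec.rsplit(":", 1)
    else:                  # bare port, no bind address requested
        bind, port = None, spec
    return (bind.strip("[]") if bind is not None else None), int(port)

def audit_remote_forwards(config_text):
    """Return one finding per RemoteForward line, tagged with its Host block."""
    findings, host = [], "(global)"
    for raw in config_text.splitlines():
        # Keyword and arguments are separated by whitespace or an optional '='.
        parts = re.split(r"\s*=\s*|\s+", raw.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1].split()
        if key == "host":
            host = parts[1]
        elif key == "remoteforward":
            bind, port = parse_listen(args[0])
            notes = []
            if bind in ("", "*"):
                notes.append("asks for all remote interfaces")
            elif bind is not None and bind.lower() not in LOOPBACK:
                notes.append("asks for a non-loopback remote address")
            if port < 1024:
                notes.append("privileged port: needs root login on the remote")
            findings.append({"host": host, "bind": bind, "port": port,
                             "target": args[1] if len(args) > 1 else None,
                             "notes": notes})
    return findings

# Constructed sample: the answer's entry plus two made-up variants.
SAMPLE = """
Host StagingServer
  RemoteForward 8022 repository.local:22
Host demo-wide
  RemoteForward *:8022 repository.local:22
Host demo-v6
  RemoteForward ::1/443 repository.local/22
"""

if __name__ == "__main__":
    for finding in audit_remote_forwards(SAMPLE):
        print(finding)
```

Whether the server honours a requested bind address depends on its GatewayPorts setting in sshd_config; with no bind address, the remote listener is bound to loopback only.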